Connect to VPN before login to computer
-
Hello there,
Is there a way to have OpenVPN connected before the user logs in to the computer?
Since everyone working from home I can not push AD GPOs per machine. -
It's certainly possible in Linux. Not sure about Windows.
-
You would have to run the client as a service, so it starts with the OS before login:
https://openvpn.net/cloud-docs/user-guide-openvpn-as-a-system-service-on-windows/
https://openvpn.net/community-resources/running-openvpn-as-a-windows-service/
-
@marvosa
I am aware of running OpenVPN as a service, but how can I provide user's credentials? -
@piotres
One option, add the following to the client's config:auth-user-pass pass.txt
then add a 2 line text file called "pass.txt" in the same folder as the client's config using the following format:
username
passwordAnother option, create a separate instance for auto-connect users that auth's from certificate only.
Another option, create a service account for auto-connect users, so solutions similar to the above can be deployed without input from the end-user. We did this at my last gig with Cisco AnyConnect.
Another possible option, it looks like the "auth-user-pass" directive can be invoked via the command line, so it may be possible to add something like the following to the parameters section of the service instead of modifying the client config:
--config C:\Program Files\OpenVPN\config\myvpnconfig.ovpn --auth-user-pass "C:\Program Files\OpenVPN\config\pass.txt"
